Search Results

Search found 1537 results on 62 pages for 'anonymous'.

Page 30/62 | < Previous Page | 26 27 28 29 30 31 32 33 34 35 36 37  | Next Page >

  • Is there any problem using the ftpd that comes with Kerberos on CentOS?

    - by Chen Levy
    Hello, I need to configure ftpd on a CentOS 5.3 host to allow anonymous ftp (upload and download) from a well defined directory. I wish the setup to be as simple as possible, and to introduce as little new dependencies as possible. Scanning the current server configuration, I found the ftpd server that comes as part of the Kerberos workstation: > rpm -ql krb5-workstation | grep ftpd$ /usr/kerberos/sbin/ftpd Is there any reason I could or should not use this ftp server?

    Read the article

  • How to run PHP + IIS8 as Windows User, or should I?

    - by Jake
    I am creating a PHP website on IIS8 that needs to connect to an SQL Server that is in the same Windows Domain as the IIS8. I am given a Windows Domain user account and asked to connect using its credentials. I am using sqlserv_connect() for PHP and I get the error Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON' Is there a way to run PHP + IIS8 as the windows domain user? Or MUST I configure SQL Server to use SQL Authentication mode so that I can supply a username and password?

    Read the article

  • Authentication between web server and sql server

    - by thirster42
    So, we're restructuring out development environment. We've installed SQL Server onto it's own server, and we are publishing our internal web applications onto a seperate web server. However, the problem is that for some reason the authentication of the user between the web server and sql server gets lost, resulting in the Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON' error. Where do i start troubleshooting? SQL Server is set up for TCP and remote connections.

    Read the article

  • How to block bittorrent but allow web surfing using ISA Server?

    - by nray
    Given a public WiFi hotspot behind an ISA Sever and a single Internet address, which rules or content filters would be useful to achieve this configuration? Allow anonymous users to surf the web, chat over IM, and connect to their diffrent workplace VPNs Restrict Bittorrent and other P2P clients from attracting the attention of MediaSentry and others.

    Read the article

  • Trouble creating FTP in Server 2008

    - by Saariko
    I have been trying to create an FTP server on my new Server 2008. I have been following both (very detailed and highly published here guides) For setting up using IIS Manager http://learn.iis.net/page.aspx/321/configure-ftp-with-iis-7-manager-authentication/ and For anonymous FTP http://www.trainsignaltraining.com/windows-server-2008-ftp-iis7 I am able to log as an anonymous user. My need is to use a named user, so I need to use the IIS Manager. I get error 530 when trying to log as a user. Connected to 127.0.0.1. 220 Microsoft FTP Service User (127.0.0.1:(none)): ftpmanager 331 Password required for ftpmanager. Password: 530-User cannot log in. Win32 error: Logon failure: unknown user name or bad password. Error details: Filename: Error: 530 End Login failed. ftp> I can not learn from this message anything. My password is set to: 1234 (so I don't think I make a mistake here - testing purposes only ofc) Thank you. Note - I went over other posts on SE that I read, and couldn't get the result: IIS7 Windows Server 2008 FTP -> Response: 530 User cannot log in. FTP Error 530, User cannot log in, home directory inaccessible. Having trouble setting up FTP server on Windows Server 2008 EDIT I think I found some errors with the physical path. Going to Basic settings, and Test Connection on the physical path, gave me the following error: The server is configured to use pass-through authentication with a built-in account to access the specified physical path. However, IIS Manager cannot verify whether the built-in account has access. Make sure that the application pool identity has Read access to the physical path. If this server is joined to a domain, and the application pool identity is NetworkService or LocalSystem, verify that \$ has Read access to the physical path. Then test these settings again. I am not sure which/whom should get access to the Root folder !? I want to point out, I managed to login with a domain user (change authorization and authentication methods) but this is NOT the requested solution. I checked to make sure that the FTP, folders, access is working properly. I am bit lost here. ==== More tries: I have enabled another Allow rule for ALL Users. I still get the same error. It seems that it doesn't matter if i use a correct or wrong password, I still get Error 530.

    Read the article

  • Automating MySQL configuration with kickstart

    - by Nimmy Lebby
    I've been testing deployment for a website with some virtual servers. I have most of my deployment steps done via kickstart file (package installation and user creation). However, for MySQL I have to: Run mysql_secure_installation (sets up root password, deletes anonymous users, disallows root login remotely, removes test databases) ./ Then, create the website's databases and the database user. I'm not sure if this is possible in kickstart---especially the prompts in mysql_secure_installation. Perhaps someone has some suggestions or examples?

    Read the article

  • FTP from batch file

    - by Buzkie
    I'm trying to use a batch file to download a package off my FTP server. echo username >ftp.txt echo >>ftp.txt echo cd directory >>ftp.txt echo get filename >>ftp.txt ftp -s:ftp.txt server.com The server is set to allow anonymous logins on username but when I run the script I get an error: 331 Password required for username If there is any other useful information let me know. -Alex

    Read the article

  • Is there a security concern exposing NTLM authentication over http or should it only be https?

    - by Shane
    We are setting up a SharePoint 2010 site. Don't worry, this is not a Sharepoint question, just adding it for context. Most of the site will be anonymous, but some users are able to authenticate in and edit content. They use NTLM (users exist in AD). Is there any concern about exposing NTLM login for users that can modify content over the internet via http or should that only be exposed via https?

    Read the article

  • Which user does PHP/IIS6 use to read/write files?

    - by Stung
    Hi, I've installed PHP5 (FastCGI) on IIS6 and is just wondering which windows user PHP uses to access the file system? With ASP.NET for example, the ASPNET account is used to access the file system. But how about PHP? I've read some post that suggest it uses the anonymous (i.e. IUSR) account. But isn't it a security breach if I give write access to the IUSR account? Thanks!

    Read the article

  • EXC_BAD_INSTRUCTION (SIGILL) at random during use of app. Bug in AppKit?

    - by Ger Teunis
    I'm currently testing a new version of an app of mine on OSX 10.5 An user reported some weird crashes during use of the application, sadly not reproducible by me. At first sight it seems to happen randomly, once he had the crash while opening an NSOpenPanel and once during focusing an NSTextField and once during NSView switch in a parent view. If you have any idea which area I should look at it would be greatly appreciated! I'm completely lost here. App is compiled in XCode 3.2.1 with SDK 10.5 and targetted at 10.5 He send me these crashes: Crash 1 Process: NZBVortex [43622] Path: /Users/cero/Downloads/NZBVortex.app/Contents/MacOS/NZBVortex Identifier: com.NZBVortex.NZBVortex Version: 0.5.5 (0.5.5) Code Type: X86-64 (Native) Parent Process: launchd [97] Interval Since Last Report: 1951 sec Crashes Since Last Report: 1 Per-App Interval Since Last Report: 1858 sec Per-App Crashes Since Last Report: 1 Date/Time: 2010-03-23 23:43:49.671 +0100 OS Version: Mac OS X 10.5.8 (9L31a) Report Version: 6 Anonymous UUID: 98AB0386-590B-4E0D-B7AC-3F7AA4E7238E Exception Type: EXC_BAD_INSTRUCTION (SIGILL) Exception Codes: 0x0000000000000001, 0x0000000000000000 Crashed Thread: 0 Application Specific Information: objc[43622]: alt handlers in objc runtime are buggy! - Hide quoted text - Thread 0 Crashed: 0 libobjc.A.dylib 0x00007fff82baef6e _objc_fatal + 238 1 libobjc.A.dylib 0x00007fff82bb2ea4 objc_addExceptionHandler + 302 2 com.apple.CoreFoundation 0x00007fff842b1090 _CFDoExceptionOperation + 528 3 com.apple.AppKit 0x00007fff81f75e26 _NSAppKitLock + 81 4 com.apple.AppKit 0x00007fff81f80f8f -[NSView nextKeyView] + 56 5 com.apple.AppKit 0x00007fff81f81018 -[NSView _primitiveSetNextKeyView:] + 72 6 com.apple.AppKit 0x00007fff820732b1 -[NSView _recursiveSetDefaultKeyViewLoop] + 242 7 com.apple.AppKit 0x00007fff82073300 -[NSView _recursiveSetDefaultKeyViewLoop] + 321 8 com.apple.AppKit 0x00007fff82073300 -[NSView _recursiveSetDefaultKeyViewLoop] + 321 9 com.apple.AppKit 0x00007fff82073300 -[NSView _recursiveSetDefaultKeyViewLoop] + 321 10 com.apple.AppKit 0x00007fff82073300 -[NSView _recursiveSetDefaultKeyViewLoop] + 321 11 com.apple.AppKit 0x00007fff82072fc3 -[NSView _setDefaultKeyViewLoop] + 279 12 com.apple.AppKit 0x00007fff82072e70 -[NSWindow recalculateKeyViewLoop] + 36 13 com.apple.AppKit 0x00007fff821dd149 -[NSSavePanel(NSSavePanelRuntime) _loadPreviousModeAndLayout] + 39 14 com.apple.AppKit 0x00007fff821dcf9e -[NSSavePanel(NSSavePanelRuntime) runModalForDirectory:file:types:] + 71 15 com.NZBVortex.NZBVortex 0x000000010000b7ee -[MainWindowViewController openNZBFileButtonClick:] + 62 16 com.apple.AppKit 0x00007fff821c96bf -[NSToolbarButton sendAction:to:] + 77 17 com.apple.AppKit 0x00007fff821c8bb7 -[NSToolbarItemViewer mouseDown:] + 5362 18 com.apple.AppKit 0x00007fff82082783 -[NSWindow sendEvent:] + 5068 19 com.apple.AppKit 0x00007fff8204fd46 -[NSApplication sendEvent:] + 5089 20 com.apple.AppKit 0x00007fff81faa562 -[NSApplication run] + 497 21 com.apple.AppKit 0x00007fff81f772f0 NSApplicationMain + 373 22 com.NZBVortex.NZBVortex 0x0000000100012a69 main + 9 23 com.NZBVortex.NZBVortex 0x0000000100001a84 start + 52 Crash 2 Process: NZBVortex [43600] Path: /Users/cero/Downloads/NZBVortex.app/Contents/MacOS/NZBVortex Identifier: com.NZBVortex.NZBVortex Version: 0.5.5 (0.5.5) Code Type: X86-64 (Native) Parent Process: launchd [97] Interval Since Last Report: 727 sec Crashes Since Last Report: 1 Per-App Interval Since Last Report: 616 sec Per-App Crashes Since Last Report: 1 Date/Time: 2010-03-23 23:11:20.000 +0100 OS Version: Mac OS X 10.5.8 (9L31a) Report Version: 6 Anonymous UUID: 98AB0386-590B-4E0D-B7AC-3F7AA4E7238E Exception Type: EXC_BAD_INSTRUCTION (SIGILL) Exception Codes: 0x0000000000000001, 0x0000000000000000 Crashed Thread: 0 Application Specific Information: objc[43600]: alt handlers in objc runtime are buggy! Thread 0 Crashed: 0 libobjc.A.dylib 0x00007fff82baef6e _objc_fatal + 238 1 libobjc.A.dylib 0x00007fff82bb2ea4 objc_addExceptionHandler + 302 2 com.apple.CoreFoundation 0x00007fff842b1090 _CFDoExceptionOperation + 528 3 com.apple.AppKit 0x00007fff81f75e26 _NSAppKitLock + 81 4 com.apple.AppKit 0x00007fff81f80f8f -[NSView nextKeyView] + 56 5 com.apple.AppKit 0x00007fff81f81018 -[NSView _primitiveSetNextKeyView:] + 72 6 com.apple.AppKit 0x00007fff820732b1 -[NSView _recursiveSetDefaultKeyViewLoop] + 242 7 com.apple.AppKit 0x00007fff82156700 -[NSTabView _recursiveSetDefaultKeyViewLoop] + 119 8 com.apple.AppKit 0x00007fff82073300 -[NSView _recursiveSetDefaultKeyViewLoop] + 321 9 com.apple.AppKit 0x00007fff82073300 -[NSView _recursiveSetDefaultKeyViewLoop] + 321 10 com.apple.AppKit 0x00007fff82072fc3 -[NSView _setDefaultKeyViewLoop] + 279 11 com.apple.AppKit 0x00007fff82072e70 -[NSWindow recalculateKeyViewLoop] + 36 12 com.NZBVortex.NZBVortex 0x000000010000b527 -[MainWindowViewController showView:sender:] + 1639 13 com.NZBVortex.NZBVortex 0x000000010000ae6b -[MainWindowViewController preferencesSaveAlertDidEnd:returnCode:contextInfo:] + 91 14 com.apple.AppKit 0x00007fff82224291 -[NSAlert didEndAlert:returnCode:contextInfo:] + 107 15 com.apple.AppKit 0x00007fff82224197 -[NSAlert buttonPressed:] + 279 16 com.apple.AppKit 0x00007fff82085d46 -[NSApplication sendAction:to:from:] + 97 17 com.apple.AppKit 0x00007fff82085c7f -[NSControl sendAction:to:] + 97 18 com.apple.AppKit 0x00007fff820851b0 -[NSCell trackMouse:inRect:ofView:untilMouseUp:] + 1841 19 com.apple.AppKit 0x00007fff820849d6 -[NSButtonCell trackMouse:inRect:ofView:untilMouseUp:] + 611 20 com.apple.AppKit 0x00007fff8208422f -[NSControl mouseDown:] + 735 21 com.apple.AppKit 0x00007fff82082783 -[NSWindow sendEvent:] + 5068 22 com.apple.AppKit 0x00007fff8204fd46 -[NSApplication sendEvent:] + 5089 23 com.apple.AppKit 0x00007fff81faa562 -[NSApplication run] + 497 24 com.apple.AppKit 0x00007fff81f772f0 NSApplicationMain + 373 25 com.NZBVortex.NZBVortex 0x0000000100012a69 main + 9 26 com.NZBVortex.NZBVortex 0x0000000100001a84 start + 52 Crash 3 Process: NZBVortex [43520] Path: /Users/cero/Downloads/NZBVortex.app/Contents/MacOS/NZBVortex Identifier: com.NZBVortex.NZBVortex Version: 0.5.5 (0.5.5) Code Type: X86-64 (Native) Parent Process: launchd [97] Interval Since Last Report: 23487 sec Crashes Since Last Report: 2 Per-App Interval Since Last Report: 2025 sec Per-App Crashes Since Last Report: 1 Date/Time: 2010-03-23 22:59:05.484 +0100 OS Version: Mac OS X 10.5.8 (9L31a) Report Version: 6 Anonymous UUID: 98AB0386-590B-4E0D-B7AC-3F7AA4E7238E Exception Type: EXC_BAD_INSTRUCTION (SIGILL) Exception Codes: 0x0000000000000001, 0x0000000000000000 Crashed Thread: 0 Application Specific Information: objc[43520]: alt handlers in objc runtime are buggy! Thread 0 Crashed: 0 libobjc.A.dylib 0x00007fff82baef6e _objc_fatal + 238 1 libobjc.A.dylib 0x00007fff82bb2ea4 objc_addExceptionHandler + 302 2 com.apple.CoreFoundation 0x00007fff842b1090 _CFDoExceptionOperation + 528 3 com.apple.AppKit 0x00007fff81f75e26 _NSAppKitLock + 81 4 com.apple.AppKit 0x00007fff81f80f8f -[NSView nextKeyView] + 56 5 com.apple.AppKit 0x00007fff81f81018 -[NSView _primitiveSetNextKeyView:] + 72 6 com.apple.AppKit 0x00007fff820732b1 -[NSView _recursiveSetDefaultKeyViewLoop] + 242 7 com.apple.AppKit 0x00007fff82073300 -[NSView _recursiveSetDefaultKeyViewLoop] + 321 8 com.apple.AppKit 0x00007fff82073300 -[NSView _recursiveSetDefaultKeyViewLoop] + 321 9 com.apple.AppKit 0x00007fff82073300 -[NSView _recursiveSetDefaultKeyViewLoop] + 321 10 com.apple.AppKit 0x00007fff82073300 -[NSView _recursiveSetDefaultKeyViewLoop] + 321 11 com.apple.AppKit 0x00007fff82072fc3 -[NSView _setDefaultKeyViewLoop] + 279 12 com.apple.AppKit 0x00007fff82072e70 -[NSWindow recalculateKeyViewLoop] + 36 13 com.apple.AppKit 0x00007fff821dd149 -[NSSavePanel(NSSavePanelRuntime) _loadPreviousModeAndLayout] + 39 14 com.apple.AppKit 0x00007fff821dcf9e -[NSSavePanel(NSSavePanelRuntime) runModalForDirectory:file:types:] + 71 15 com.NZBVortex.NZBVortex 0x000000010000b7ee -[MainWindowViewController openNZBFileButtonClick:] + 62 16 com.apple.AppKit 0x00007fff821c96bf -[NSToolbarButton sendAction:to:] + 77 17 com.apple.AppKit 0x00007fff821c8bb7 -[NSToolbarItemViewer mouseDown:] + 5362 18 com.apple.AppKit 0x00007fff82082783 -[NSWindow sendEvent:] + 5068 19 com.apple.AppKit 0x00007fff8204fd46 -[NSApplication sendEvent:] + 5089 20 com.apple.AppKit 0x00007fff81faa562 -[NSApplication run] + 497 21 com.apple.AppKit 0x00007fff81f772f0 NSApplicationMain + 373 22 com.NZBVortex.NZBVortex 0x0000000100012a69 main + 9 23 com.NZBVortex.NZBVortex 0x0000000100001a84 start + 52

    Read the article

  • Help required in adding new methods, properties into existing classes dynamically

    - by Bepenfriends
    Hi All, I am not sure whether it is possible to achieve this kind of implementation in Dot Net. Below are the information Currently we are on an application which is done in COM+, ASP, XSL, XML technologies. It is a multi tier architecture application in which COM+ acts as the BAL. The execution steps for any CRUD operation will be defined using a seperate UI which uses XML to store the information. BAL reads the XML and understands the execution steps which are defined and executes corresponding methods in DLL. Much like EDM we have our custom model (using XML) which determines which property of object is searchable, retrievable etc. Based on this information BAL constructs queries and calls procedures to get the data. In the current application both BAL and DAL are heavily customizable without doing any code change. the results will be transmitted to presentation layer in XML format which constructs the UI based on the data recieved. Now I am creating a migration project which deals with employee information. It is also going to follow the N Tier architecture in which the presentation layer communicates with BAL which connects to DAL to return the Data. Here is the problem, In our existing version we are handling every information as XML in its native form (no converstion of object etc), but in the migration project, Team is really interested in utilizing the OOP model of development where every information which is sent from BAL need to be converted to objects of its respective types (example employeeCollection, Address Collection etc). If we have the static number of data returned from BAL we can have a class which contains those nodes as properties and we can access the same. But in our case the data returned from our BAL need to be customized. How can we handle the customization in presentation layer which is converting the result to an Object. Below is an example of the XML returned <employees> <employee> <firstName>Employee 1 First Name</firstName> <lastName>Employee 1 Last Name</lastName> <addresses> <address> <addressType>1</addressType> <StreetName>Street name1</StreetName> <RegionName>Region name</RegionName> <address> <address> <addressType>2</addressType> <StreetName>Street name2</StreetName> <RegionName>Region name</RegionName> <address> <address> <addressType>3</addressType> <StreetName>Street name3</StreetName> <RegionName>Region name</RegionName> <address> <addresses> </employee> <employee> <firstName>Employee 2 First Name</firstName> <lastName>Employee 2 Last Name</lastName> <addresses> <address> <addressType>1</addressType> <StreetName>Street name1</StreetName> <RegionName>Region name</RegionName> <address> <address> <addressType>2</addressType> <StreetName>Street name2</StreetName> <RegionName>Region name</RegionName> <address> <addresses> </employee> </employees> If these are the only columns then i can write a class which is like public class Address{ public int AddressType {get;set;}; public string StreetName {get;set;}; public string RegionName {get;set;}; } public class Employee{ public string FirstName {get; set;} public string LastName {get; set;} public string AddressCollection {get; set;} } public class EmployeeCollection : List<Employee>{ public bool Add (Employee Data){ .... } } public class AddressCollection : List<Address>{ public bool Add (Address Data){ .... } } This class will be provided to customers and consultants as DLLs. We will not provide the source code for the same. Now when the consultants or customers does customization(example adding country to address and adding passport information object with employee object) they must be able to access those properties in these classes, but without source code they will not be able to do those modifications.which makes the application useless. Is there is any way to acomplish this in DotNet. I thought of using Anonymous classes but, the problem with Anonymous classes are we can not have methods in it. I am not sure how can i fit the collection objects (which will be inturn an anonymous class) Not sure about datagrid / user control binding etc. I also thought of using CODEDom to create classes runtime but not sure about the meory, performance issues. also the classes must be created only once and must use the same till there is another change. Kindly help me out in this problem. Any kind of help meterial/ cryptic code/ links will be helpful.

    Read the article

  • SVN repository host for pet projects.

    - by cbrandolino
    Hi! I need a subversion repository for a couple of projects I'm working on with friends/colleagues, in particular one that: Is cheap; Has an high data storage/transfer limit; Does not have unlimited users (they would be ~10); Does not have public anonymous co capabilities (I don't mind them, but usually they have an influence on the cost). Why don't you just install an SVN server on a machine of yours? Because the remote ones host stuff that is vital to clients, while those we have at home are a mess already. Distributed versioning systems? They're cool and everything, but everybody (in the subset "people-I-would-work-with" knows how to use subversion - and really, the easier the better.

    Read the article

  • Is GoDaddy telling the truth? [closed]

    - by Omne
    Everyone who is familiar with GoDaddy or even web business should know about the recent news about GoDaddy. There are just so many different news around the web that I can't process them in my head... http://articles.cnn.com/2012-09-10/tech/tech_web_go-daddy-outage_1_godaddy-outage-websites http://bits.blogs.nytimes.com/2012/09/10/member-of-anonymous-takes-credit-for-godaddy-attack/ And OFC GoDaddy says there were no hacker and costumer data is safe! I have used GoDaddy for long time and I'm not going to change my provider just for this problem, but I'm worry about my information... how can we make sure that GoDaddy is telling the truth? is our information really safe? I have not received any security alert from them telling me to change my password, should I assume that I'm safe?!

    Read the article

  • HTG Explains: How Private Browsing Works and Why It Doesn’t Offer Complete Privacy

    - by Chris Hoffman
    Private Browsing, InPrivate Browsing, Incognito Mode – it has a lot of names, but it’s the same basic feature in every browser. Private browsing offers some improved privacy, but it’s not a silver bullet that makes you completely anonymous online. Private Browsing mode changes the way your browser behaves, whether you’re using Mozilla Firefox, Google Chrome, Internet Explorer, Apple Safari, Opera or any other browser – but it doesn’t change the way anything else behaves. How to Banish Duplicate Photos with VisiPic How to Make Your Laptop Choose a Wired Connection Instead of Wireless HTG Explains: What Is Two-Factor Authentication and Should I Be Using It?

    Read the article

  • Different behaviour with windows authentication on IIS7 websites

    - by amaters
    I need to run a website with just windows authentication. Given the following situation: The location of the default website is: c:\inetpub\wwwroot The location of my code is: c:\Sites\WebApp my hostfile is edited so any .local i use points to 127.0.0.1 I have created a new application called 'AppX' underneath the default website and point it to c:\Sites\WebApp. It will use the DefaultappPool. When I switch off anonymous and switch on windows authentication all works well when I go to localhost/AppX/. What i really want is a new website (No need to question why I want this). So I created Website2 and did exact the same creation of the application. Everything is the same; destination, app pool and authentication. Now when I browse to this website web2.local/AppX/ I get the 401.2 - Unauthorized error. What am I missing here?

    Read the article

  • ASP.NET WebAPI Security 2: Identity Architecture

    - by Your DisplayName here!
    Pedro has beaten me to the punch with a detailed post (and diagram) about the WebAPI hosting architecture. So go read his post first, then come back so we can have a closer look at what that means for security. The first important takeaway is that WebAPI is hosting independent-  currently it ships with two host integration implementations – one for ASP.NET (aka web host) and WCF (aka self host). Pedro nicely shows the integration into the web host. Self hosting is not done yet so we will mainly focus on the web hosting case and I will point out security related differences when they exist. The interesting part for security (amongst other things of course) is the HttpControllerHandler (see Pedro’s diagram) – this is where the host specific representation of an HTTP request gets converted to the WebAPI abstraction (called HttpRequestMessage). The ConvertRequest method does the following: Create a new HttpRequestMessage. Copy URI, method and headers from the HttpContext. Copies HttpContext.User to the Properties<string, object> dictionary on the HttpRequestMessage. The key used for that can be found on HttpPropertyKeys.UserPrincipalKey (which resolves to “MS_UserPrincipal”). So the consequence is that WebAPI receives whatever IPrincipal has been set by the ASP.NET pipeline (in the web hosting case). Common questions are: Are there situations where is property does not get set? Not in ASP.NET – the DefaultAuthenticationModule in the HTTP pipeline makes sure HttpContext.User (and Thread.CurrentPrincipal – more on that later) are always set. Either to some authenticated user – or to an anonymous principal. This may be different in other hosting environments (again more on that later). Why so generic? Keep in mind that WebAPI is hosting independent and may run on a host that materializes identity completely different compared to ASP.NET (or .NET in general). This gives them a way to evolve the system in the future. How does WebAPI code retrieve the current client identity? HttpRequestMessage has an extension method called GetUserPrincipal() which returns the property as an IPrincipal. A quick look at self hosting shows that the moral equivalent of HttpControllerHandler.ConvertRequest() is HttpSelfHostServer.ProcessRequestContext(). Here the principal property gets only set when the host is configured for Windows authentication (inconsisteny). Do I like that? Well – yes and no. Here are my thoughts: I like that it is very straightforward to let WebAPI inherit the client identity context of the host. This might not always be what you want – think of an ASP.NET app that consists of UI and APIs – the UI might use Forms authentication, the APIs token based authentication. So it would be good if the two parts would live in a separate security world. It makes total sense to have this generic hand off point for identity between the host and WebAPI. It also makes total sense for WebAPI plumbing code (especially handlers) to use the WebAPI specific identity abstraction. But – c’mon we are running on .NET. And the way .NET represents identity is via IPrincipal/IIdentity. That’s what every .NET developer on this planet is used to. So I would like to see a User property of type IPrincipal on ApiController. I don’t like the fact that Thread.CurrentPrincipal is not populated. T.CP is a well established pattern as a one stop shop to retrieve client identity on .NET.  That makes a lot of sense – even if the name is misleading at best. There might be existing library code you want to call from WebAPI that makes use of T.CP (e.g. PrincipalPermission, or a simple .Name or .IsInRole()). Having the client identity as an ambient property is useful for code that does not have access to the current HTTP request (for calling GetUserPrincipal()). I don’t like the fact that that the client identity conversion from host to WebAPI is inconsistent. This makes writing security plumbing code harder. I think the logic should always be: If the host has a client identity representation, copy it. If not, set an anonymous principal on the request message. Btw – please don’t annoy me with the “but T.CP is static, and static is bad for testing” chant. T.CP is a getter/setter and, in fact I find it beneficial to be able to set different security contexts in unit tests before calling in some logic. And, in case you have wondered – T.CP is indeed thread static (and the name comes from a time where a logical operation was bound to a thread – which is not true anymore). But all thread creation APIs in .NET actually copy T.CP to the new thread they create. This is the case since .NET 2.0 and is certainly an improvement compared to how Win32 does things. So to sum it up: The host plumbing copies the host client identity to WebAPI (this is not perfect yet, but will surely be improved). or in other words: The current WebAPI bits don’t ship with any authentication plumbing, but solely use whatever authentication (and thus client identity) is set up by the host. WebAPI developers can retrieve the client identity from the HttpRequestMessage. Hopefully my proposed changes around T.CP and the User property on ApiController will be added. In the next post, I will detail how to add WebAPI specific authentication support, e.g. for Basic Authentication and tokens. This includes integrating the notion of claims based identity. After that we will look at the built-in authorization bits and how to improve them as well. Stay tuned.

    Read the article

  • Finding an alert in the middle of your javascript

    - by Ariel Popovsky
    I was debugging a script injection issue the other day using some sample code with an alert in it. The alert was popping out meaning the code got executed leaving open the possibility for a hacker to put there some nasty malicious code. I knew my alert was being executed but didn’t know how. So I tried something that worked perfectly for this problem, replaced the native alert function with my own one. All I had to do in Chrome was open the javascript console and type: alert = function(msg){ console.log(msg); console.trace(); }; The next time the malicious code was executed, instead of the regular alert I got something similar to this:   alert("testing") testing console.trace() alert:2 (anonymous function):2 InjectedScript._evaluateOn:312 InjectedScript._evaluateAndWrap:294 InjectedScript.evaluate:288 undefined In my case I was able to see what was going on and find the offending function. This was tested on Firebug in Firefox and it works as.

    Read the article

  • Token based Authentication for WCF HTTP/REST Services: Authentication

    - by Your DisplayName here!
    This post shows some of the implementation techniques for adding token and claims based security to HTTP/REST services written with WCF. For the theoretical background, see my previous post. Disclaimer The framework I am using/building here is not the only possible approach to tackle the problem. Based on customer feedback and requirements the code has gone through several iterations to a point where we think it is ready to handle most of the situations. Goals and requirements The framework should be able to handle typical scenarios like username/password based authentication, as well as token based authentication The framework should allow adding new supported token types Should work with WCF web programming model either self-host or IIS hosted Service code can rely on an IClaimsPrincipal on Thread.CurrentPrincipal that describes the client using claims-based identity Implementation overview In WCF the main extensibility point for this kind of security work is the ServiceAuthorizationManager. It gets invoked early enough in the pipeline, has access to the HTTP protocol details of the incoming request and can set Thread.CurrentPrincipal. The job of the SAM is simple: Check the Authorization header of the incoming HTTP request Check if a “registered” token (more on that later) is present If yes, validate the token using a security token handler, create the claims principal (including claims transformation) and set Thread.CurrentPrincipal If no, set an anonymous principal on Thread.CurrentPrincipal. By default, anonymous principals are denied access – so the request ends here with a 401 (more on that later). To wire up the custom authorization manager you need a custom service host – which in turn needs a custom service host factory. The full object model looks like this: Token handling A nice piece of existing WIF infrastructure are security token handlers. Their job is to serialize a received security token into a CLR representation, validate the token and turn the token into claims. The way this works with WS-Security based services is that WIF passes the name/namespace of the incoming token to WIF’s security token handler collection. This in turn finds out which token handler can deal with the token and returns the right instances. For HTTP based services we can do something very similar. The scheme on the Authorization header gives the service a hint how to deal with an incoming token. So the only missing link is a way to associate a token handler (or multiple token handlers) with a scheme and we are (almost) done. WIF already includes token handler for a variety of tokens like username/password or SAML 1.1/2.0. The accompanying sample has a implementation for a Simple Web Token (SWT) token handler, and as soon as JSON Web Token are ready, simply adding a corresponding token handler will add support for this token type, too. All supported schemes/token types are organized in a WebSecurityTokenHandlerCollectionManager and passed into the host factory/host/authorization manager. Adding support for basic authentication against a membership provider would e.g. look like this (in global.asax): var manager = new WebSecurityTokenHandlerCollectionManager(); manager.AddBasicAuthenticationHandler((username, password) => Membership.ValidateUser(username, password));   Adding support for Simple Web Tokens with a scheme of Bearer (the current OAuth2 scheme) requires passing in a issuer, audience and signature verification key: manager.AddSimpleWebTokenHandler(     "Bearer",     "http://identityserver.thinktecture.com/trust/initial",     "https://roadie/webservicesecurity/rest/",     "WFD7i8XRHsrUPEdwSisdHoHy08W3lM16Bk6SCT8ht6A="); In some situations, SAML token may be used as well. The following configures SAML support for a token coming from ADFS2: var registry = new ConfigurationBasedIssuerNameRegistry(); registry.AddTrustedIssuer( "d1 c5 b1 25 97 d0 36 94 65 1c e2 64 fe 48 06 01 35 f7 bd db", "ADFS"); var adfsConfig = new SecurityTokenHandlerConfiguration(); adfsConfig.AudienceRestriction.AllowedAudienceUris.Add( new Uri("https://roadie/webservicesecurity/rest/")); adfsConfig.IssuerNameRegistry = registry; adfsConfig.CertificateValidator = X509CertificateValidator.None; // token decryption (read from config) adfsConfig.ServiceTokenResolver = IdentityModelConfiguration.ServiceConfiguration.CreateAggregateTokenResolver();             manager.AddSaml11SecurityTokenHandler("SAML", adfsConfig);   Transformation The custom authorization manager will also try to invoke a configured claims authentication manager. This means that the standard WIF claims transformation logic can be used here as well. And even better, can be also shared with e.g. a “surrounding” web application. Error handling A WCF error handler takes care of turning “access denied” faults into 401 status codes and a message inspector adds the registered authentication schemes to the outgoing WWW-Authenticate header when a 401 occurs. The next post will conclude with authorization as well as the source code download.   (Wanna learn more about federation, WIF, claims, tokens etc.? Click here.)

    Read the article

  • Strategies for very fast delivery of webpages.

    - by Cherian
    I run a website Cucumbertown with an initial pay load of nearly 9KB zipped. All my js is delayed loaded with requirejs and modernizer is the only exception. Now all my webpages are Nginx cached and only 10-15% hits go to the backend proxy. And the cache is invalidated by logged in users as proxy_cache_bypass. So for an anonymous user its nearly always a cache hit. I have some basic OS tuning with default via ip dev eth0 initcwnd 15 net.ipv4.tcp_slow_start_after_idle 0 Despite an all cache & large initcwnd my pages still take 2.5 – 3 seconds. I have a yslow score of And page speed at Are there strategies that can help deliver webpages even faster than this? Deliver pages at 1+ second time for 10KB payload? Notes: My servers run of a fairly good data center from Linode at Fremont.

    Read the article

  • Using the ASP.NET Cache to cache data in a Model or Business Object layer, without a dependency on System.Web in the layer - Part One.

    - by Rhames
    ASP.NET applications can make use of the System.Web.Caching.Cache object to cache data and prevent repeated expensive calls to a database or other store. However, ideally an application should make use of caching at the point where data is retrieved from the database, which typically is inside a Business Objects or Model layer. One of the key features of using a UI pattern such as Model-View-Presenter (MVP) or Model-View-Controller (MVC) is that the Model and Presenter (or Controller) layers are developed without any knowledge of the UI layer. Introducing a dependency on System.Web into the Model layer would break this independence of the Model from the View. This article gives a solution to this problem, using dependency injection to inject the caching implementation into the Model layer at runtime. This allows caching to be used within the Model layer, without any knowledge of the actual caching mechanism that will be used. Create a sample application to use the caching solution Create a test SQL Server database This solution uses a SQL Server database with the same Sales data used in my previous post on calculating running totals. The advantage of using this data is that it gives nice slow queries that will exaggerate the effect of using caching! To create the data, first create a new SQL database called CacheSample. Next run the following script to create the Sale table and populate it: USE CacheSample GO   CREATE TABLE Sale(DayCount smallint, Sales money) CREATE CLUSTERED INDEX ndx_DayCount ON Sale(DayCount) go INSERT Sale VALUES (1,120) INSERT Sale VALUES (2,60) INSERT Sale VALUES (3,125) INSERT Sale VALUES (4,40)   DECLARE @DayCount smallint, @Sales money SET @DayCount = 5 SET @Sales = 10   WHILE @DayCount < 5000  BEGIN  INSERT Sale VALUES (@DayCount,@Sales)  SET @DayCount = @DayCount + 1  SET @Sales = @Sales + 15  END Next create a stored procedure to calculate the running total, and return a specified number of rows from the Sale table, using the following script: USE [CacheSample] GO   SET ANSI_NULLS ON GO   SET QUOTED_IDENTIFIER ON GO   -- ============================================= -- Author:        Robin -- Create date: -- Description:   -- ============================================= CREATE PROCEDURE [dbo].[spGetRunningTotals]       -- Add the parameters for the stored procedure here       @HighestDayCount smallint = null AS BEGIN       -- SET NOCOUNT ON added to prevent extra result sets from       -- interfering with SELECT statements.       SET NOCOUNT ON;         IF @HighestDayCount IS NULL             SELECT @HighestDayCount = MAX(DayCount) FROM dbo.Sale                   DECLARE @SaleTbl TABLE (DayCount smallint, Sales money, RunningTotal money)         DECLARE @DayCount smallint,                   @Sales money,                   @RunningTotal money         SET @RunningTotal = 0       SET @DayCount = 0         DECLARE rt_cursor CURSOR       FOR       SELECT DayCount, Sales       FROM Sale       ORDER BY DayCount         OPEN rt_cursor         FETCH NEXT FROM rt_cursor INTO @DayCount,@Sales         WHILE @@FETCH_STATUS = 0 AND @DayCount <= @HighestDayCount        BEGIN        SET @RunningTotal = @RunningTotal + @Sales        INSERT @SaleTbl VALUES (@DayCount,@Sales,@RunningTotal)        FETCH NEXT FROM rt_cursor INTO @DayCount,@Sales        END         CLOSE rt_cursor       DEALLOCATE rt_cursor         SELECT DayCount, Sales, RunningTotal       FROM @SaleTbl   END   GO   Create the Sample ASP.NET application In Visual Studio create a new solution and add a class library project called CacheSample.BusinessObjects and an ASP.NET web application called CacheSample.UI. The CacheSample.BusinessObjects project will contain a single class to represent a Sale data item, with all the code to retrieve the sales from the database included in it for simplicity (normally I would at least have a separate Repository or other object that is responsible for retrieving data, and probably a data access layer as well, but for this sample I want to keep it simple). The C# code for the Sale class is shown below: using System; using System.Collections.Generic; using System.Data; using System.Data.SqlClient;   namespace CacheSample.BusinessObjects {     public class Sale     {         public Int16 DayCount { get; set; }         public decimal Sales { get; set; }         public decimal RunningTotal { get; set; }           public static IEnumerable<Sale> GetSales(int? highestDayCount)         {             List<Sale> sales = new List<Sale>();               SqlParameter highestDayCountParameter = new SqlParameter("@HighestDayCount", SqlDbType.SmallInt);             if (highestDayCount.HasValue)                 highestDayCountParameter.Value = highestDayCount;             else                 highestDayCountParameter.Value = DBNull.Value;               string connectionStr = System.Configuration.ConfigurationManager .ConnectionStrings["CacheSample"].ConnectionString;               using(SqlConnection sqlConn = new SqlConnection(connectionStr))             using (SqlCommand sqlCmd = sqlConn.CreateCommand())             {                 sqlCmd.CommandText = "spGetRunningTotals";                 sqlCmd.CommandType = CommandType.StoredProcedure;                 sqlCmd.Parameters.Add(highestDayCountParameter);                   sqlConn.Open();                   using (SqlDataReader dr = sqlCmd.ExecuteReader())                 {                     while (dr.Read())                     {                         Sale newSale = new Sale();                         newSale.DayCount = dr.GetInt16(0);                         newSale.Sales = dr.GetDecimal(1);                         newSale.RunningTotal = dr.GetDecimal(2);                           sales.Add(newSale);                     }                 }             }               return sales;         }     } }   The static GetSale() method makes a call to the spGetRunningTotals stored procedure and then reads each row from the returned SqlDataReader into an instance of the Sale class, it then returns a List of the Sale objects, as IEnnumerable<Sale>. A reference to System.Configuration needs to be added to the CacheSample.BusinessObjects project so that the connection string can be read from the web.config file. In the CacheSample.UI ASP.NET project, create a single web page called ShowSales.aspx, and make this the default start up page. This page will contain a single button to call the GetSales() method and a label to display the results. The html mark up and the C# code behind are shown below: ShowSales.aspx <%@ Page Language="C#" AutoEventWireup="true" CodeBehind="ShowSales.aspx.cs" Inherits="CacheSample.UI.ShowSales" %>   <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">   <html xmlns="http://www.w3.org/1999/xhtml"> <head runat="server">     <title>Cache Sample - Show All Sales</title> </head> <body>     <form id="form1" runat="server">     <div>         <asp:Button ID="btnTest1" runat="server" onclick="btnTest1_Click"             Text="Get All Sales" />         &nbsp;&nbsp;&nbsp;         <asp:Label ID="lblResults" runat="server"></asp:Label>         </div>     </form> </body> </html>   ShowSales.aspx.cs using System; using System.Collections.Generic; using System.Linq; using System.Web; using System.Web.UI; using System.Web.UI.WebControls;   using CacheSample.BusinessObjects;   namespace CacheSample.UI {     public partial class ShowSales : System.Web.UI.Page     {         protected void Page_Load(object sender, EventArgs e)         {         }           protected void btnTest1_Click(object sender, EventArgs e)         {             System.Diagnostics.Stopwatch stopWatch = new System.Diagnostics.Stopwatch();             stopWatch.Start();               var sales = Sale.GetSales(null);               var lastSales = sales.Last();               stopWatch.Stop();               lblResults.Text = string.Format( "Count of Sales: {0}, Last DayCount: {1}, Total Sales: {2}. Query took {3} ms", sales.Count(), lastSales.DayCount, lastSales.RunningTotal, stopWatch.ElapsedMilliseconds);         }       } }   Finally we need to add a connection string to the CacheSample SQL Server database, called CacheSample, to the web.config file: <?xmlversion="1.0"?>   <configuration>    <connectionStrings>     <addname="CacheSample"          connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;Initial Catalog=CacheSample"          providerName="System.Data.SqlClient" />  </connectionStrings>    <system.web>     <compilationdebug="true"targetFramework="4.0" />  </system.web>   </configuration>   Run the application and click the button a few times to see how long each call to the database takes. On my system, each query takes about 450ms. Next I shall look at a solution to use the ASP.NET caching to cache the data returned by the query, so that subsequent requests to the GetSales() method are much faster. Adding Data Caching Support I am going to create my caching support in a separate project called CacheSample.Caching, so the next step is to add a class library to the solution. We shall be using the application configuration to define the implementation of our caching system, so we need a reference to System.Configuration adding to the project. ICacheProvider<T> Interface The first step in adding caching to our application is to define an interface, called ICacheProvider, in the CacheSample.Caching project, with methods to retrieve any data from the cache or to retrieve the data from the data source if it is not present in the cache. Dependency Injection will then be used to inject an implementation of this interface at runtime, allowing the users of the interface (i.e. the CacheSample.BusinessObjects project) to be completely unaware of how the caching is actually implemented. As data of any type maybe retrieved from the data source, it makes sense to use generics in the interface, with a generic type parameter defining the data type associated with a particular instance of the cache interface implementation. The C# code for the ICacheProvider interface is shown below: using System; using System.Collections.Generic;   namespace CacheSample.Caching {     public interface ICacheProvider     {     }       public interface ICacheProvider<T> : ICacheProvider     {         T Fetch(string key, Func<T> retrieveData, DateTime? absoluteExpiry, TimeSpan? relativeExpiry);           IEnumerable<T> Fetch(string key, Func<IEnumerable<T>> retrieveData, DateTime? absoluteExpiry, TimeSpan? relativeExpiry);     } }   The empty non-generic interface will be used as a type in a Dictionary generic collection later to store instances of the ICacheProvider<T> implementation for reuse, I prefer to use a base interface when doing this, as I think the alternative of using object makes for less clear code. The ICacheProvider<T> interface defines two overloaded Fetch methods, the difference between these is that one will return a single instance of the type T and the other will return an IEnumerable<T>, providing support for easy caching of collections of data items. Both methods will take a key parameter, which will uniquely identify the cached data, a delegate of type Func<T> or Func<IEnumerable<T>> which will provide the code to retrieve the data from the store if it is not present in the cache, and absolute or relative expiry policies to define when a cached item should expire. Note that at present there is no support for cache dependencies, but I shall be showing a method of adding this in part two of this article. CacheProviderFactory Class We need a mechanism of creating instances of our ICacheProvider<T> interface, using Dependency Injection to get the implementation of the interface. To do this we shall create a CacheProviderFactory static class in the CacheSample.Caching project. This factory will provide a generic static method called GetCacheProvider<T>(), which shall return instances of ICacheProvider<T>. We can then call this factory method with the relevant data type (for example the Sale class in the CacheSample.BusinessObject project) to get a instance of ICacheProvider for that type (e.g. call CacheProviderFactory.GetCacheProvider<Sale>() to get the ICacheProvider<Sale> implementation). The C# code for the CacheProviderFactory is shown below: using System; using System.Collections.Generic;   using CacheSample.Caching.Configuration;   namespace CacheSample.Caching {     public static class CacheProviderFactory     {         private static Dictionary<Type, ICacheProvider> cacheProviders = new Dictionary<Type, ICacheProvider>();         private static object syncRoot = new object();           ///<summary>         /// Factory method to create or retrieve an implementation of the  /// ICacheProvider interface for type <typeparamref name="T"/>.         ///</summary>         ///<typeparam name="T">  /// The type that this cache provider instance will work with  ///</typeparam>         ///<returns>An instance of the implementation of ICacheProvider for type  ///<typeparamref name="T"/>, as specified by the application  /// configuration</returns>         public static ICacheProvider<T> GetCacheProvider<T>()         {             ICacheProvider<T> cacheProvider = null;             // Get the Type reference for the type parameter T             Type typeOfT = typeof(T);               // Lock the access to the cacheProviders dictionary             // so multiple threads can work with it             lock (syncRoot)             {                 // First check if an instance of the ICacheProvider implementation  // already exists in the cacheProviders dictionary for the type T                 if (cacheProviders.ContainsKey(typeOfT))                     cacheProvider = (ICacheProvider<T>)cacheProviders[typeOfT];                 else                 {                     // There is not already an instance of the ICacheProvider in       // cacheProviders for the type T                     // so we need to create one                       // Get the Type reference for the application's implementation of       // ICacheProvider from the configuration                     Type cacheProviderType = Type.GetType(CacheProviderConfigurationSection.Current. CacheProviderType);                     if (cacheProviderType != null)                     {                         // Now get a Type reference for the Cache Provider with the                         // type T generic parameter                         Type typeOfCacheProviderTypeForT = cacheProviderType.MakeGenericType(new Type[] { typeOfT });                         if (typeOfCacheProviderTypeForT != null)                         {                             // Create the instance of the Cache Provider and add it to // the cacheProviders dictionary for future use                             cacheProvider = (ICacheProvider<T>)Activator. CreateInstance(typeOfCacheProviderTypeForT);                             cacheProviders.Add(typeOfT, cacheProvider);                         }                     }                 }             }               return cacheProvider;                 }     } }   As this code uses Activator.CreateInstance() to create instances of the ICacheProvider<T> implementation, which is a slow process, the factory class maintains a Dictionary of the previously created instances so that a cache provider needs to be created only once for each type. The type of the implementation of ICacheProvider<T> is read from a custom configuration section in the application configuration file, via the CacheProviderConfigurationSection class, which is described below. CacheProviderConfigurationSection Class The implementation of ICacheProvider<T> will be specified in a custom configuration section in the application’s configuration. To handle this create a folder in the CacheSample.Caching project called Configuration, and add a class called CacheProviderConfigurationSection to this folder. This class will extend the System.Configuration.ConfigurationSection class, and will contain a single string property called CacheProviderType. The C# code for this class is shown below: using System; using System.Configuration;   namespace CacheSample.Caching.Configuration {     internal class CacheProviderConfigurationSection : ConfigurationSection     {         public static CacheProviderConfigurationSection Current         {             get             {                 return (CacheProviderConfigurationSection) ConfigurationManager.GetSection("cacheProvider");             }         }           [ConfigurationProperty("type", IsRequired=true)]         public string CacheProviderType         {             get             {                 return (string)this["type"];             }         }     } }   Adding Data Caching to the Sales Class We now have enough code in place to add caching to the GetSales() method in the CacheSample.BusinessObjects.Sale class, even though we do not yet have an implementation of the ICacheProvider<T> interface. We need to add a reference to the CacheSample.Caching project to CacheSample.BusinessObjects so that we can use the ICacheProvider<T> interface within the GetSales() method. Once the reference is added, we can first create a unique string key based on the method name and the parameter value, so that the same cache key is used for repeated calls to the method with the same parameter values. Then we get an instance of the cache provider for the Sales type, using the CacheProviderFactory, and pass the existing code to retrieve the data from the database as the retrievalMethod delegate in a call to the Cache Provider Fetch() method. The C# code for the modified GetSales() method is shown below: public static IEnumerable<Sale> GetSales(int? highestDayCount) {     string cacheKey = string.Format("CacheSample.BusinessObjects.GetSalesWithCache({0})", highestDayCount);       return CacheSample.Caching.CacheProviderFactory. GetCacheProvider<Sale>().Fetch(cacheKey,         delegate()         {             List<Sale> sales = new List<Sale>();               SqlParameter highestDayCountParameter = new SqlParameter("@HighestDayCount", SqlDbType.SmallInt);             if (highestDayCount.HasValue)                 highestDayCountParameter.Value = highestDayCount;             else                 highestDayCountParameter.Value = DBNull.Value;               string connectionStr = System.Configuration.ConfigurationManager. ConnectionStrings["CacheSample"].ConnectionString;               using (SqlConnection sqlConn = new SqlConnection(connectionStr))             using (SqlCommand sqlCmd = sqlConn.CreateCommand())             {                 sqlCmd.CommandText = "spGetRunningTotals";                 sqlCmd.CommandType = CommandType.StoredProcedure;                 sqlCmd.Parameters.Add(highestDayCountParameter);                   sqlConn.Open();                   using (SqlDataReader dr = sqlCmd.ExecuteReader())                 {                     while (dr.Read())                     {                         Sale newSale = new Sale();                         newSale.DayCount = dr.GetInt16(0);                         newSale.Sales = dr.GetDecimal(1);                         newSale.RunningTotal = dr.GetDecimal(2);                           sales.Add(newSale);                     }                 }             }               return sales;         },         null,         new TimeSpan(0, 10, 0)); }     This example passes the code to retrieve the Sales data from the database to the Cache Provider as an anonymous method, however it could also be written as a lambda. The main advantage of using an anonymous function (method or lambda) is that the code inside the anonymous function can access the parameters passed to the GetSales() method. Finally the absolute expiry is set to null, and the relative expiry set to 10 minutes, to indicate that the cache entry should be removed 10 minutes after the last request for the data. As the ICacheProvider<T> has a Fetch() method that returns IEnumerable<T>, we can simply return the results of the Fetch() method to the caller of the GetSales() method. This should be all that is needed for the GetSales() method to now retrieve data from a cache after the first time the data has be retrieved from the database. Implementing a ASP.NET Cache Provider The final step is to actually implement the ICacheProvider<T> interface, and add the implementation details to the web.config file for the dependency injection. The cache provider implementation needs to have access to System.Web. Therefore it could be placed in the CacheSample.UI project, or in its own project that has a reference to System.Web. Implementing the Cache Provider in a separate project is my favoured approach. Create a new project inside the solution called CacheSample.CacheProvider, and add references to System.Web and CacheSample.Caching to this project. Add a class to the project called AspNetCacheProvider. Make the class a generic class by adding the generic parameter <T> and indicate that the class implements ICacheProvider<T>. The C# code for the AspNetCacheProvider class is shown below: using System; using System.Collections.Generic; using System.Linq; using System.Web; using System.Web.Caching;   using CacheSample.Caching;   namespace CacheSample.CacheProvider {     public class AspNetCacheProvider<T> : ICacheProvider<T>     {         #region ICacheProvider<T> Members           public T Fetch(string key, Func<T> retrieveData, DateTime? absoluteExpiry, TimeSpan? relativeExpiry)         {             return FetchAndCache<T>(key, retrieveData, absoluteExpiry, relativeExpiry);         }           public IEnumerable<T> Fetch(string key, Func<IEnumerable<T>> retrieveData, DateTime? absoluteExpiry, TimeSpan? relativeExpiry)         {             return FetchAndCache<IEnumerable<T>>(key, retrieveData, absoluteExpiry, relativeExpiry);         }           #endregion           #region Helper Methods           private U FetchAndCache<U>(string key, Func<U> retrieveData, DateTime? absoluteExpiry, TimeSpan? relativeExpiry)         {             U value;             if (!TryGetValue<U>(key, out value))             {                 value = retrieveData();                 if (!absoluteExpiry.HasValue)                     absoluteExpiry = Cache.NoAbsoluteExpiration;                   if (!relativeExpiry.HasValue)                     relativeExpiry = Cache.NoSlidingExpiration;                   HttpContext.Current.Cache.Insert(key, value, null, absoluteExpiry.Value, relativeExpiry.Value);             }             return value;         }           private bool TryGetValue<U>(string key, out U value)         {             object cachedValue = HttpContext.Current.Cache.Get(key);             if (cachedValue == null)             {                 value = default(U);                 return false;             }             else             {                 try                 {                     value = (U)cachedValue;                     return true;                 }                 catch                 {                     value = default(U);                     return false;                 }             }         }           #endregion       } }   The two interface Fetch() methods call a private method called FetchAndCache(). This method first checks for a element in the HttpContext.Current.Cache with the specified cache key, and if so tries to cast this to the specified type (either T or IEnumerable<T>). If the cached element is found, the FetchAndCache() method simply returns it. If it is not found in the cache, the method calls the retrievalMethod delegate to get the data from the data source, and then adds this to the HttpContext.Current.Cache. The final step is to add the AspNetCacheProvider class to the relevant custom configuration section in the CacheSample.UI.Web.Config file. To do this there needs to be a <configSections> element added as the first element in <configuration>. This will match a custom section called <cacheProvider> with the CacheProviderConfigurationSection. Then we add a <cacheProvider> element, with a type property set to the fully qualified assembly name of the AspNetCacheProvider class, as shown below: <?xmlversion="1.0"?>   <configuration>  <configSections>     <sectionname="cacheProvider" type="CacheSample.Base.Configuration.CacheProviderConfigurationSection, CacheSample.Base" />  </configSections>    <connectionStrings>     <addname="CacheSample"          connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;Initial Catalog=CacheSample"          providerName="System.Data.SqlClient" />  </connectionStrings>    <cacheProvidertype="CacheSample.CacheProvider.AspNetCacheProvider`1, CacheSample.CacheProvider, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null">  </cacheProvider>    <system.web>     <compilationdebug="true"targetFramework="4.0" />  </system.web>   </configuration>   One point to note is that the fully qualified assembly name of the AspNetCacheProvider class includes the notation `1 after the class name, which indicates that it is a generic class with a single generic type parameter. The CacheSample.UI project needs to have references added to CacheSample.Caching and CacheSample.CacheProvider so that the actual application is aware of the relevant cache provider implementation. Conclusion After implementing this solution, you should have a working cache provider mechanism, that will allow the middle and data access layers to implement caching support when retrieving data, without any knowledge of the actually caching implementation. If the UI is not ASP.NET based, if for example it is Winforms or WPF, the implementation of ICacheProvider<T> would be written around whatever technology is available. It could even be a standalone caching system that takes full responsibility for adding and removing items from a global store. The next part of this article will show how this caching mechanism may be extended to provide support for cache dependencies, such as the System.Web.Caching.SqlCacheDependency. Another possible extension would be to cache the cache provider implementations instead of storing them in a static Dictionary in the CacheProviderFactory. This would prevent a build up of seldom used cache providers in the application memory, as they could be removed from the cache if not used often enough, although in reality there are probably unlikely to be vast numbers of cache provider implementation instances, as most applications do not have a massive number of business object or model types.

    Read the article

  • problems using evolution Contacts with an DavMail LDAP Proxy for an Exchange server

    - by WegDamit
    i have an davmail proxy setup for accessing an Exchnage 200x server. eMail works fine in Thunderbird and Evolution (IMAP...) LDAP Contacts/Address Book works in TB, but not on Evolution. It seems that Evolution does not try the given credentials. The entered LDAP Auth is never send to the DaVMail Proxy. anonymous access to ou=people forbidden davmail.ui.tray.DavGatewayTray.displayMessage(DavGatewayTray.java:96) It the same conf for TB and in Evolution so i looks like an issue with Evolution to me. Does it take some different cponfig than TB for the credentials? Anybody got this conf workin an can give me some hints? Thanks, WegDamit

    Read the article

  • Thoughts about MVC

    - by ayyash
    so i figured this one out, as a newcomer to the web development scene from the telecom biz, where we dealt with low level hardware API's, and a C++ fanboy, i tend to be bothered by automagical code, yes i appreciate the effort that went into it, and i certainly appreciate the luxury it provides to get more things done, but i just don't get it. so i decided to change that, and start investigating the new MVC based web apps, and at first it was like hitting a brick wall, i knew MVC from MFC days, so i'm familiar with the pattern, but i just couldn't get my head around the web version of it, till i came to realize the routing, is actually a separate feature to be inspected, much like understanding how LINQ works by better understanding anonymous objects. and so this article serve as an introduction to the following blogs where i share my views of how asp.net routing works, and then leverage that to the MVC level, and play around that field for a bit. as with most of my shared knowladge that may seem trivial to some, but i guess a newcomer's point of view can be useful for some folks out there.

    Read the article

  • What's special about currying or partial application?

    - by Vigneshwaran
    I've been reading articles on Functional programming everyday and been trying to apply some practices as much as possible. But I don't understand what is unique in currying or partial application. Take this Groovy code as an example: def mul = { a, b -> a * b } def tripler1 = mul.curry(3) def tripler2 = { mul(3, it) } I do not understand what is the difference between tripler1 and tripler2. Aren't they both the same? The 'currying' is supported in pure or partial functional languages like Groovy, Scala, Haskell etc. But I can do the same thing (left-curry, right-curry, n-curry or partial application) by simply creating another named or anonymous function or closure that will forward the parameters to the original function (like tripler2) in most languages (even C.) Am I missing something here? There are places where I can use currying and partial application in my Grails application but I am hesitating to do so because I'm asking myself "How's that different?" Please enlighten me.

    Read the article

  • How to mock a dynamic object

    - by Daniel Cazzulino
    Someone asked me how to mock a dynamic object with Moq, which might be non-obvious. Given the following interface definition: public interface IProject { string Name { get; } dynamic Data { get; } } When you try to setup the mock for the dynamic property values, you get:   What’s important to realize is that a dynamic object is just a plain object, whose properties happen to be resolved at runtime. Kinda like reflection, if you will: all public properties of whatever object happens to be the instance, will be resolved just fine at runtime. Therefore, one way to mock this dynamic is to just create an anonymous type with the properties we want, and set the dynamic property to return that:...Read full article

    Read the article

  • How can I keep my privacy while owning multiple domain names?

    - by Abby
    I want to own, create and run x# of domains. I do not want 'whois' to have my name, home address and home phone available to anyone who looks me up. I've already bought a mailbox that I can use for my physical address. But... that doesn't get my name and number question answered. What is the best way to be anonymous yet still be legal? Do I need to incorporate all my sites and get an LLC? Can I create a company name without becoming an LLC? Then there's the phone number.... Thanks in advance to all who respond!

    Read the article

< Previous Page | 26 27 28 29 30 31 32 33 34 35 36 37  | Next Page >